The development of security-hardened embedded software is a challenge. Recently, vulnerabilities in products such as medical devices, industrial control systems, and automobiles have been exploited. However, firmware can be secured by following best practice architectures, implementation techniques, and software development processes. This course gives you the skills to harden your embedded software to prevent vulnerabilities and detect many types of attacks.
Length/Options
- 2 days (hands-on)
- 1 day (lecture only)
Audience
- Embedded software developers who want to learn how to implement software techniques to increase embedded device security
Prerequisites
- Working familiarity with the C programming language
- Knowledge of embedded software fundamentals (i.e., the topics covered in our Embedded Software Boot Camp)
Related Courses
- Embedded Security Boot Camp
- Designing Security into Embedded Systems
- Retrofitting Embedded Systems to Enhance Security
Outline
- Introduction
- A Brief History of Embedded Systems Attacks
- Uniquely Embedded Concerns
- Reliability as Security
- Security Arms Race
- Cryptography in a Nutshell
- Weakest Link
- Proper Role of Obscurity
- Threat Assessment
- Attackers and Assets
- Attack Surface
- Attack Trees
- Security Policy
- Random Numbers and Entropy
- Randomness and Random Numbers
- Entropy
- Case Study: Not So Random Numbers
- Data At Rest
- Introduction
- Block Ciphers
- Cipher Modes
- Hashes
- Message Authentication Codes
- Common Firmware Vulnerabilities
- Backdoors
- Bugs
- Uncaught and Insecure
- C++ Techniques
- Change of Execution Attacks
- Disassembly and Reverse Engineering
- Denial of Service
- Defensive Software Architectures
- Complexity Kills
- Review: Scheduling and RMA
- Secure RTOSes
- Memory Partitioning and Protection
- CPU Time Partitioning
- Locking Down the Firmware
- Defensive Hardware Interfaces
- Exception Handling
- Race Conditions
- User Interface
- Case Study: A/D Converters
- FPGA Security
- Secure Software Process
- Capturing Security Requirements
- Secure Coding Standard
- Peer Code Reviews
- Security Analysis Tools
- Modeling & Code Generation
- Security Testing Techniques
- Related Topics
- FMEA, FTA, MTBF
- Entity Authentication
- Open Source
- Jailbreaking & DMCA
Learn More
To request pricing or dates, or for more information about this course, contact us.
Find out More
Contact us now to find out more about this course or to enquire about an on-site training at your company.
Recording Policy
Barr Group's courses may not be audiotaped, videotaped, or photographed without consent from Barr Group's executive team.